28-07-2024 22:41

240728-2mcdystbpe 10

General

  • Target: Synapse Z.exe
  • Size: 53.0MB
  • Sample: 240728-2mcdystbpe
  • MD5: 7b2d33760c73f647ba89633c3fbdae73
  • SHA1: 5584ceb9aafe239a5c684bf237f01507955a70f8
  • SHA256: 00e783843d051d67e29c070f7e850cc3f80942e9d07a0e21029f28f57e1332e1
  • SHA512: cce6e4af652da1685b7e45f6dab7216fb95aa1249da8c58b0bcf440c42ca35b65ac442bf7166f3bb0eb4da64d5a94edb8e6306cf95c47506ff004928ce509c37
  • SSDEEP: 1572864:JvHcRlbfh7vXSk8IpG7V+VPhqWdfME7KlHqZMWhqremjD:JvHcRxhTSkB05awqfod8MgE

Targets

    • Enumerates VirtualBox DLL files
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
    • Sets file to hidden
      Modifies file attributes to stop it showing in Explorer etc.
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Legitimate hosting services abused for malware hosting/C2
